CVE-2026-41722
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.
Risk Assessment
These vulnerabilities could lead to unauthorized access and data manipulation in VMware Cloud Foundation Operations, posing a serious security threat to the organization.
Recommendation
It is recommended to update VMware Cloud Foundation Operations to the latest version and review user permissions to limit the ability to inject scripts.
Original NVD description (English source)
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

